Access rights are configured on the Universe tab of the Administrator Panel.
There are two types of the access rights:
Unconditional — rights apply throughout the universe;
Conditional — user’s conditional rights are applicable only to those tasks to which the user is assigned. It should be noted that not all rights have a conditional option.
Below is a list of all the permissions that form access rights in Cerebro.
Access rights management — the ability to set access rights to users and groups in a given area. A conditional assignment is possible;
Task visibility — visibility problems in a given area and all the messages in them. A conditional assignment is possible;
Task visibility for сlients — visibility problems in a given area, and only those messages in them that are marked as visible to customers.
Working with tasks
Task/Project management — the ability to create and delete tasks. When installing on the universe, you can create and delete projects;
Edit task properties — the ability to edit properties of the problem a given area (except the budget and tags). A conditional assignment is possible;
Edit tags — the ability to edit tag values for the problems in a given area. A conditional assignment is possible;
Edit budget — ability to set the budget and make payment on the tasks in a given area. A conditional assignment is possible;
Edit progress — the ability to change the progress of tasks in a given domain (do not allow to put 100%, ie to transfer the problem into the Completed state. A conditional assignment is possible;
Planned man hours visibility — allows you to see upcoming, declared and adopted task hours in a given area. A conditional assignment is possible.
Working with messages
Create task definition — ability to create Task formulation type messages. A conditional assignment is possible;
Create review — ability to create Review type messages. A conditional assignment is possible;
Create report — ability to create Report and Resource report type messages. A conditional assignment is possible;
Create note — ability to create Note type messages. A conditional assignment is possible;
Create client review — ability to create Client review type messages. A conditional assignment is possible;
Edit message properties — ability to edit the message properties in a given area, such as Client visibility and Hour confirmation. A conditional assignment is possible;
Edit last message — allows you to edit messages of other users if they do not have an answer. A conditional assignment is possible;
Edit any message — unlimited editing of any messages in the specified ares. A conditional assignment is possible;
Edit report rating — allows you to edit the report rating (asterisk in the message body). A conditional assignment is possible.
Working with the universe
Users management — allows you to create and delete users, groups, roles and customize the appearance of people. Valid only at appointment to the universe;
Material resources management — allows you to create and delete resources. Valid only at appointment to the universe;
Salaries and working schedules management — ability to define users and resources to see the total bet and salary statistics. Valid only at appointment to the universe;
Statuses, activities and tags Management — ability to create and delete tags and activities. Valid only at appointment to the universe;
File storage allocation — ability to establish and configure a file storage. Valid only at appointment to the universe;
Login as other users — ability to log in to the system under the usernames of other users. Valid only at appointment to the universe.
There are permissions that are applicable to the universe level only. For example, such as permissions as Salary Management and Managing users, groups and roles. These permissions apply only to the global properties of the universe. Alongside with those, there are permissions that may be applied either on the global or on the local level, such as Access Rights and Budget Management. These permissions, being applied on the global level, will be inherited (if allowed) by all subordinate levels (all projects and tasks within the universe).
Permissions are additive, that is, if a user members in several groups, each group with different permissions within the scope, the user’s resulting permission will be the sum (appositon) of all permissions available to these groups.